CVE-2023-4976

Vulnerability Description

A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

Related Weaknesses (CWE)

CWE-269

References

https://www.purestorage.com/security
https://purestorage.com/security

FAQ

What is CVE-2023-4976?

CVE-2023-4976 is a documented vulnerability. A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

How severe is CVE-2023-4976?

CVSS scoring is not yet available for CVE-2023-4976. Check NVD for updates.

Is there a patch for CVE-2023-4976?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.